Capacity
CCI-000200
The information system prohibits password reuse for the organization-defined number of generations.
17
Rule
Severity: Medium
Limit Password Reuse: password-auth
17
Rule
Severity: Medium
Limit Password Reuse: system-auth
20
Rule
Severity: Medium
Limit Password Reuse
7
Rule
Severity: Medium
Verify Permissions and Ownership of Old Passwords File
1
Rule
Severity: Medium
AAA Services must be configured to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The Akamai Luna Portal must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The application must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Low
The Central Log Server must be configured to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The DBN-6300 must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
CounterACT must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The HP FlexFabric Switch must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The DataPower Gateway must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
IBM Aspera Console passwords must be prohibited from reuse for a minimum of five generations.
1
Rule
Severity: Medium
IBM Aspera Faspex passwords must be prohibited from reuse for a minimum of five generations.
1
Rule
Severity: Medium
The MQ Appliance network device must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
CA VM:Secure product PASSWORD user exit must be coded with the PWLIST option properly set.
1
Rule
Severity: Medium
The Ivanti MobileIron Core server must prohibit password reuse for a minimum of four generations.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The Mainframe Product must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.
1
Rule
Severity: Medium
Nutanix AOS must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Low
Splunk Enterprise must prohibit password reuse for a minimum of five generations for the account of last resort.
1
Rule
Severity: Medium
The Samsung SDS EMM local accounts must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The Tanium application must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The Tanium Operating System (TanOS) must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The UEM server must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: High
The Workspace ONE UEM local accounts must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The PASSWORD History Count value must be set to 10 or greater.
2
Rule
Severity: High
Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.
5
Rule
Severity: Medium
The macOS system must prohibit password reuse for a minimum of five generations.
2
Rule
Severity: Low
The Ubuntu operating system must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The container platform must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The operating system must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
AIX must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The CA-TSS PWHIST Control Option must be set to 10 or greater.
1
Rule
Severity: Medium
The CA-TSS PPHIST Control Option must be properly set.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to prohibit password reuse for a minimum of five generations or more.
1
Rule
Severity: Medium
The IBM RACF PASSWORD(HISTORY) SETROPTS value must be set to 5 or more.
2
Rule
Severity: Medium
The password history must be configured to 24 passwords remembered.
2
Rule
Severity: Medium
Windows Server 2016 password history must be configured to 24 passwords remembered.
1
Rule
Severity: Medium
Windows Server 2019 password history must be configured to 24 passwords remembered.
1
Rule
Severity: Medium
Windows Server 2022 password history must be configured to 24 passwords remembered.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords are prohibited from reuse for a minimum of five generations.
1
Rule
Severity: Low
OL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
OL 8 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that passwords are prohibited from reuse for a minimum of five generations.
1
Rule
Severity: Medium
RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
2
Rule
Severity: Medium
The SUSE operating system must employ a password history file.
1
Rule
Severity: Medium
The SUSE operating system must not allow passwords to be reused for a minimum of five (5) generations.
1
Rule
Severity: Medium
RHEL 8 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
RHEL 9 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
RHEL 9 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The SUSE operating system must not allow passwords to be reused for a minimum of five generations.
2
Rule
Severity: Medium
Users must not reuse the last 5 passwords.
1
Rule
Severity: Low
Splunk Enterprise must be configured to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The VMM must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The use of a Solidcore 8.x local Command Line Interface (CLI) Access Password must be documented in the organizations written policy.
1
Rule
Severity: Medium
The ESXi host must prohibit the reuse of passwords within five iterations.
3
Rule
Severity: Medium
The vCenter Server must prohibit password reuse for a minimum of five generations.
2
Rule
Severity: Medium
The ESXi host must prohibit password reuse for a minimum of five generations.
3
Rule
Severity: Medium
The Photon operating system must prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
The Photon operating system must ensure the old passwords are being stored.
2
Rule
Severity: Medium
The Photon operating system must be configured to use the pam_pwhistory.so module.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to prohibit password reuse for a minimum of five generations.
1
Rule
Severity: Medium
Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.
1
Rule
Severity: Medium
SLEM 5 must not allow passwords to be reused for a minimum of five generations.
1
Rule
Severity: Medium
SLEM 5 must employ a password history file.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules